Log in links for this page

Microsoft O365 International Access

Request access to Microsoft O365 for a person who has been authorized to work remotely outside of the United States.

EOTSS End User and IT Service Support

Phone

Support for Commonwealth end users and IT support personnel

Cybersecurity and Enterprise Risk Management

Online

For cybersecurity or risk management questions: Email Cybersecurity and Enterprise Risk Management at ERM@mass.gov

The Details of Microsoft O365 International Access

Features for Microsoft O365 International Access

This request is for access to Microsoft O365 Internationally, and requires both Agency/Secretariat’s General Counsel or designee approval, and Agency/Secretariat’s CISO or designee approval.

This access is for a user who will work outside of the United States (American Samoa, Guam, Northern Mariana Islands, Puerto Rico, and the Virgin Islands require international access) on either a temporary, or semi-permanent basis. For users with a primary work location outside of the United States, (consultants, contractors, vendors, etc.) access must be reviewed on a regular basis.

Please request access at least 1 week prior to required access date.

Please request access at least 2 weeks prior, if requesting travel to a country on the deny-list - requires Enterprise EOTSS Chief Information Security Officer (CISO) approval.

Please note that if a Commonwealth device is required for travelling, a request for policy exception to Enterprise Information Security Policies and Standards IS.004 Asset Management Standard – 6.7 Endpoint Security - Section 6.7.10 Ensure that Commonwealth-owned or managed devices do not leave the United States is required. Please request exception at least 2 weeks prior to travel date.

How to request Microsoft O365 International Access

Designated Security Officers (DSOs) ONLY - will request on behalf of Commonwealth employees and their authorized business partners, whether or not currently supported by EOTSS.

Request service via a ServiceNow request

Policies for Microsoft O365 International Access

The following communication was sent to Designated Security Officers regarding this policy on 9/1/23. 

IS.003 Access Management Standard – Information Systems -6.3.3 No system or database containing non public information shall be directly accessible from an untrusted network  

IS.004 Asset Management Standard - 6.7 Endpoint Security -6.7.10 Ensure that Commonwealth-owned or managed devices do not leave the United States.

If personnel will be travelling outside of the Continental U.S. and they require Commonwealth issued equipment, a Designated Security Officer must request a Security Exception for that person. 

IS.006 Communication and Network Security Standard – 6.2 Remote Access Security Management -6.2.1 All external connections to the Commonwealth family of networks must be reviewed and approved by the Commonwealth CISO

DENY LIST (Updated November 2023)

Afghanistan  
Belarus  
Burkina Faso  
Burma (Myanmar)  
Burundi  
Central African Republic  
Chad  
China  
Columbia
Democratic Republic of the Congo  
Egypt
El Salvador  
Ethiopia  
Guatemala  
Guinea-Bissau  
Guyana  
Haiti  
Honduras  
Iran  
Iraq  
Israel, the West Bank and Gaza  
Jamaica
Lebanon  
Libya  
Macau
Mali  
Mauritania  
Mexico  
Nicaragua  
Niger  
Nigeria  
North Korea (Democratic People's Republic of Korea)  
Pakistan
Papua New Guinea  
Russia  
Saudi Arabia
Somalia  
South Sudan  
Sudan  
Syria  
Trinidad and Tobago  
Uganda
Ukraine  
Venezuela  
Yemen  

 

The list above was created by using a combination of sources from the federal government commerce ban, the CDC, and the US Department of State. 

Refer to the U.S. Department of State for a listing of current travel advisories: 
https://travel.state.gov/content/travel/en/traveladvisories/traveladvisories.html/  

 

Downloads for Microsoft O365 International Access

Contact for Microsoft O365 International Access

Address
McCormack Building
1 Ashburton Place, 8th Floor, Boston, MA 02108
Online
For cybersecurity or risk management questions: Email Cybersecurity and Enterprise Risk Management at ERM@mass.gov

Help Us Improve Mass.gov with your feedback

Feedback